40 #define PARSE_REGEX "^\\s*([0-9]*)?\\s*([<>=-]+)?\\s*([0-9]+)?\\s*$" 42 static pcre *parse_regex;
43 static pcre_extra *parse_regex_study;
54 static _Bool PrefilterTtlIsPrefilterable(
const Signature *s);
78 static inline int TtlMatch(
const uint8_t pttl,
const uint8_t mode,
79 const uint8_t dttl1,
const uint8_t dttl2)
87 else if (mode ==
DETECT_TTL_RA && (pttl > dttl1 && pttl < dttl2))
122 return TtlMatch(pttl, ttld->
mode, ttld->
ttl1, ttld->
ttl2);
136 #define MAX_SUBSTRINGS 30 142 int ret = pcre_exec(parse_regex, parse_regex_study, ttlstr, strlen(ttlstr), 0, 0, ov,
MAX_SUBSTRINGS);
143 if (ret < 2 || ret > 4) {
148 int res = pcre_copy_substring((
char *) ttlstr, ov,
MAX_SUBSTRINGS, 1, arg1,
sizeof(arg1));
156 res = pcre_copy_substring((
char *) ttlstr, ov,
MAX_SUBSTRINGS, 2, arg2,
sizeof(arg2));
164 res = pcre_copy_substring((
char *) ttlstr, ov,
MAX_SUBSTRINGS, 3, arg3,
sizeof(arg3));
177 if (strlen(arg2) > 0) {
180 if (strlen(arg3) == 0)
187 if (strlen(arg1) > 0)
192 if (strlen(arg3) == 0)
199 if (strlen(arg1) > 0)
204 if (strlen(arg1) == 0 || strlen(arg3) == 0)
211 SCLogDebug(
"ttl is %"PRIu8
" to %"PRIu8
"",ttl1, ttl2);
220 if ((strlen(arg2) > 0) ||
221 (strlen(arg3) > 0) ||
231 if ((strlen(arg3) > 0) ||
238 if (ttl1 < 0 || ttl1 > UCHAR_MAX ||
239 ttl2 < 0 || ttl2 > UCHAR_MAX) {
247 ttld->
ttl1 = (uint8_t)ttl1;
248 ttld->
ttl2 = (uint8_t)ttl2;
315 if (PrefilterPacketHeaderExtraMatch(ctx, p) ==
FALSE)
318 if (TtlMatch(pttl, ctx->
v1.
u8[0], ctx->
v1.
u8[1], ctx->
v1.
u8[2]))
348 PrefilterPacketTtlSet,
349 PrefilterPacketTtlCompare,
350 PrefilterPacketTtlMatch);
353 static _Bool PrefilterTtlIsPrefilterable(
const Signature *s)
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
SignatureInitData * init_data
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void DetectTtlRegister(void)
Registration function for ttl: keyword.
int(* SetupPrefilter)(DetectEngineCtx *de_ctx, struct SigGroupHead_ *sgh)
int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type, void(*Set)(PrefilterPacketHeaderValue *v, void *), _Bool(*Compare)(PrefilterPacketHeaderValue v, void *), void(*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
_Bool(* SupportsPrefilter)(const Signature *s)
Container for matching data for a signature group.
#define SIG_FLAG_REQUIRE_PACKET
#define PARSE_REGEX
Regex for parsing our ttl options.
Used to start a pointer to SigMatch context Should never be dereferenced without casting to something...
main detection engine ctx
void DetectTtlFree(void *)
this function will free memory associated with DetectTtlData
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void DetectSetupParseRegexes(const char *parse_str, pcre **parse_regex, pcre_extra **parse_regex_study)
void SigMatchAppendSMToList(Signature *s, SigMatch *new, int list)
Append a SigMatch to the list type.
struct SigMatch_ ** smlists
void DetectTtlRegisterTests(void)
this function registers unit tests for DetectTtl
int(* Match)(ThreadVars *, DetectEngineThreadCtx *, Packet *, const Signature *, const SigMatchCtx *)
#define PKT_IS_PSEUDOPKT(p)
return 1 if the packet is a pseudo packet
SigMatch * SigMatchAlloc(void)
Per thread variable structure.
void(* RegisterTests)(void)
a single match condition for a signature
#define IPV4_GET_IPTTL(p)